Back to Details

sharp-edges

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Sharp Edges

风险隐患点

Overview

概述

Identify error-prone APIs and dangerous configurations that could lead to bugs, security vulnerabilities, or system failures.
识别可能导致bug、安全漏洞或系统故障的易出错API和危险配置。

When to Use This Skill

何时使用该技能

Use this skill when you need to identify error-prone APIs and dangerous configurations.
Use this skill when:
  • Reviewing code for potentially dangerous API usage
  • Identifying configurations that could cause issues
  • Analyzing code for error-prone patterns
  • Assessing risk in API design or configuration choices
  • Performing security audits focused on API misuse
当你需要识别易出错的API和危险配置时,使用本技能。
在以下场景中使用:
  • 审查代码中存在潜在危险的API使用情况
  • 识别可能引发问题的配置
  • 分析代码中的易出错模式
  • 评估API设计或配置选择中的风险
  • 开展针对API误用的安全审计

Instructions

使用说明

This skill helps identify problematic APIs and configurations:
  1. API Analysis: Review API usage for error-prone patterns
  2. Configuration Review: Identify dangerous or risky configurations
  3. Pattern Recognition: Spot common mistakes and pitfalls
  4. Risk Assessment: Evaluate the potential impact of identified issues
本技能可帮助识别有问题的API和配置:
  1. API分析:审查API使用中的易出错模式
  2. 配置审查:识别危险或高风险的配置
  3. 模式识别:发现常见错误和陷阱
  4. 风险评估:评估已识别问题的潜在影响

Common Sharp Edges

常见风险隐患点

Error-Prone APIs

易出错的API

  • APIs with complex parameter requirements
  • APIs with non-obvious failure modes
  • APIs that require careful resource management
  • APIs with timing or concurrency issues
  • APIs with unclear error handling
  • 参数要求复杂的API
  • 故障模式不明显的API
  • 需要谨慎管理资源的API
  • 存在时序或并发问题的API
  • 错误处理机制不清晰的API

Dangerous Configurations

危险配置

  • Default settings that are insecure
  • Configurations that bypass security controls
  • Settings that enable dangerous features
  • Options that reduce system reliability
  • Parameters that affect performance negatively
  • 不安全的默认设置
  • 绕过安全控制的配置
  • 启用危险功能的设置
  • 降低系统可靠性的选项
  • 对性能产生负面影响的参数

Detection Strategies

检测策略

  1. Code Review: Look for known problematic patterns
  2. Static Analysis: Use tools to identify risky API usage
  3. Configuration Audits: Review configuration files for dangerous settings
  4. Documentation Review: Check for warnings about API usage
  5. Experience-Based: Leverage knowledge of common pitfalls
  1. 代码审查:查找已知的问题模式
  2. 静态分析:使用工具识别高风险的API使用情况
  3. 配置审计:审查配置文件中的危险设置
  4. 文档审查:检查API使用相关的警告信息
  5. 经验判断:利用常见陷阱的相关知识

Best Practices

最佳实践

  • Document identified sharp edges
  • Provide clear guidance on safe usage
  • Create examples of correct vs incorrect usage
  • Recommend safer alternatives when available
  • Update documentation with findings
  • 记录已识别的风险隐患点
  • 提供清晰的安全使用指南
  • 创建正确与错误用法的示例
  • 在有替代方案时推荐更安全的选择
  • 根据发现更新文档

Resources

资源

For more information, see the source repository.
如需了解更多信息,请查看源仓库